SecurityWeek

Noteworthy stories that might have slipped under the radar: EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying. 

A class action lawsuit has been filed against Intel over its handling of CPU speculative execution vulnerabilities, with a focus on Downfall.

France and the UK are calling for greater regulation of commercial surveillance software in the wake of recent Pegasus and Predator spyware scandals.

CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security.

The State of Maine says the personal information of 1.3 million individuals was compromised in the MOVEit attack.

A ransomware attack on China’s biggest bank, the Industrial and Commercial Bank of China Financial Services, disrupts Treasury market trades.

A medical company has been fined $450,000 by the New York AG over a data breach that may have involved exploitation of a SonicWall vulnerability.

The Washington, DC startup is building a threat-informed defense platform that helps organizations automate detection and response work.

Checkmarx uncovers a malicious campaign targeting Python developers with malware that takes over their systems.

ChatGPT and its API have experienced a major outage due to a DDoS attack apparently launched by Anonymous Sudan.

UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks.

Japan Aviation Electronics confirms cyberattack as Alphv/BlackCat ransomware group publishes allegedly stolen data.

CISA says an SLP vulnerability allowing for a DoS amplification factor of 2,000 is being exploited in attacks.

CVE-2023-47246 zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates.

Mandiant says Russia's Sandworm hackers used a novel OT attack to cause power outages that coincided with mass missile strikes on critical infrastructure across Ukraine.

Silicon Valley startup is pitching APIs to help organizations protect data and ensure compliance throughout the AI deployment lifecycle.

GitHub adds AI-powered security features to help developers identify and address code vulnerabilities faster.

DHS launches Shields Ready, a new campaign promoting security and resilience for critical infrastructure organizations.

Offensive Security does not focus on discreet attacks, singular actors, or Indicators of compromise, but understands the entirety of both sides of the battlefield.

Cloud monitoring and SIEM firm Sumo Logic is urging users to rotate credentials following the discovery of a security breach.